Trojan Horse BackDoor.delf

PeteXX

I am getting a notice that my computer has a Trojan Horse Virus, Back Door
Delf.
The notice states that it is located at C:System Volume
Information\_restore{E9A2A9EB-6D36-423D-887A-0D0A601BA90C\RP164\A0029899.exe
I am running AVG 7.0. I also am using Norton anti virus.
Neither antivirus program identifies the virus so I can get rid of it. All
that happens is that AVG says my computer has the virus and identifies it as
above. Can anyone help?
 
CalamityKen

PeteXX typed:
I am getting a notice that my computer has a Trojan Horse Virus, Back
Door Delf.
The notice states that it is located at C:System Volume
Information\_restore{E9A2A9EB-6D36-423D-887A-0D0A601BA90C\RP164\A0029899.exe
I am running AVG 7.0. I also am using Norton anti virus.
Neither antivirus program identifies the virus so I can get rid of
it. All that happens is that AVG says my computer has the virus and
identifies it as above. Can anyone help?

Turn off System Restore and empty the Recycle Bin, then enable System Restore
after rebooting and verifying the trojan is gone.
http://www.arnoldco.com/help/html/disable_restore.html

Using two concurrent active anti virus scanners is not a good idea as they
compete for the same system resources and could render them ineffective.

Choose one as the active scanner and keep the other as a backup on-demand
scanner after disabling the active scanner.
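
An added example (not part of the original thread): a small Python triage helper that recognizes when an antivirus alert path lies inside the Windows XP/ME System Restore store, as the path in the first post does, and separates those restore-point copies (purged by turning System Restore off, as advised above) from detections at live locations that still need a scanner. The function names and the second and third sample paths are constructed for illustration.

```python
import re

# Windows XP/ME System Restore store layout:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<7 digits>.<ext>
# The pattern tolerates a dropped backslash after the drive letter and a
# missing closing brace, both of which occur in the path quoted in this thread.
RESTORE_RE = re.compile(
    r"""^(?P<drive>[A-Za-z]):\\?System\ Volume\ Information\\
        _restore\{(?P<guid>[0-9A-Fa-f-]{36})\}?\\
        RP(?P<rp>\d+)\\
        (?P<name>A\d{7}\.\w+)$""",
    re.VERBOSE | re.IGNORECASE,
)

def classify(path):
    """Return details if the path is a System Restore backup copy."""
    normalized = " ".join(path.split())  # undo line wraps from pasted alerts
    m = RESTORE_RE.match(normalized)
    if not m:
        return {"in_restore_store": False, "path": normalized}
    return {
        "in_restore_store": True,
        "drive": m["drive"].upper(),
        "guid": m["guid"].upper(),
        "restore_point": int(m["rp"]),
        "backup_name": m["name"],
    }

def triage(alerts):
    """Split (threat, path) alerts into restore-store copies and live files."""
    results = [classify(path) for _threat, path in alerts]
    stored = [r for r in results if r["in_restore_store"]]
    live = [r for r in results if not r["in_restore_store"]]
    return {
        "restore_points_affected": sorted({r["restore_point"] for r in stored}),
        "purge_restore_points": bool(stored),  # i.e. disable System Restore
        "live_paths": [r["path"] for r in live],  # need an actual scan/clean
    }

SAMPLE_ALERTS = [
    # Path exactly as quoted in the first post (line wrap included).
    ("BackDoor.Delf", "C:System Volume\nInformation\\_restore"
     "{E9A2A9EB-6D36-423D-887A-0D0A601BA90C\\RP164\\A0029899.exe"),
    # Constructed samples: a well-formed store path and a live-location path.
    ("sample", r"D:\System Volume Information\_restore"
     r"{00000000-0000-0000-0000-000000000000}\RP12\A0000001.dll"),
    ("sample", r"C:\WINDOWS\system32\constructed-sample.exe"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS))
```
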
 
PeteXX

Thanks for your help. I followed your directions. How do I check to verify
that the trojan is gone? Do I wait and see if the notification shows up or
does not show up? Thanks again, I hope it works. I am worried that someone can
get control of my computer.
 
David H. Lipman

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt214.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave





| I am getting a notice that my computer has a Trojan Horse Virus, Back Door
| Delf.
| The notice states that it is located at C:System Volume
| Information\_restore{E9A2A9EB-6D36-423D-887A-0D0A601BA90C\RP164\A0029899.exe
| I am running AVG 7.0. I also am using Norton anti virus.
| Neither antivirus program identifies the virus so I can get rid of it. All
| that happens is that AVG says my computer has the virus and identifies it as
| above. Can anyone help?
 
PeteXX

I followed directions again. Ran SysClean twice. Received a lot of error
messages but no viruses. So looks like it is working fine.
What do all the error messages mean? Is there any significance?
Also, should SysClean be run periodically?
Thanks for the help.
 
David H. Lipman

It means the files were inaccessible. Not a problem.

Dave




| I followed directions again. Ran SysClean twice. Received a lot of error
| messages but no viruses. So looks like it is working fine.
| What do all the error messages mean? Is there any significance?
| Also, should SysClean be run periodically?
| Thanks for the help.
 
SAIL LOCO

I have the backdoor virus and nobody's anti virus will install or download and
open.
 
PeteXX

Should I run Sysclean periodically? Is there an advantage to running it say
every week? Thanks
 
David H. Lipman

Sysclean is NOT an anti virus. It is a virus removal tool.

If you can't use your PC to access the Trend web site, use a peer's and burn a CD or place
the files on a USB Flash drive.

Dave




| I have the backdoor virus and nobody's anti virus will install or download and
| open.
 
David H. Lipman

NO.

Both Sysclean.com and the Pattern Files are updated. Sysclean periodically, the Pattern
Files every couple of days. The objective is to keep an anti virus package up-to-date to
prevent infection via "On Access" scanning. If a problem is noted, use removal tools such
as Sysclean.

Dave




| Should I run Sysclean periodically? Is there an advantage to running it say
| every week? Thanks
 
